DOCSLIB.ORG

Protection of Agent Teamwork

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Protection of Agent Teamwork Jeremy Hall Protection of Agent Teamwork Table of Contents Goal............................................................................................................................................................1 Overview....................................................................................................................................................1 Class Overview .........................................................................................................................................2 Javassisti.....................................................................................................................................................3 Usage..........................................................................................................................................................3 Limitations .................................................................................................................................................3 Java Limitations .........................................................................................................................................4 Changes made to Agent Teamwork...........................................................................................................4 Proxy Creation - Logical Flow...................................................................................................................4 Proxy Method Execution – Logical Flow..................................................................................................7 Conclusion .................................................................................................................................................8 I. Goal 1. The main goal of this project was to protect a Java program's logic by encrypting a Java class's methods. This is accomplished by first encrypting a Class, and then only decrypting the parts of that Class as they need to be used, after which they are thrown away. An additional goal was to have as little an impact as possible on existing code. This means that the project should require as little change in the classes that it protects as possible. A program using an encrypted class should also have minimal required changes to use the encrypted classes. II. Overview 1. The reason for protecting a Java program's logic is to prevent sophisticated attacks such as an attacker scanning the memory of a computer while its Java program is running. Another situation is forcing a memory dump to read the contents of a running Java program. 2. This project relies heavily on an open source Java library called Javassist. Javassist allows for manipulation of Java bytecode files, as well as run-time compilation of dynamically created classes. 3. For a class to be encrypted, its bytecode .class file must be loaded by a special classloader. In practice, this means using an instance of the ClassRipper class. 1 4. When a class is “ripped”, all of its methods are changed to forward their parameters to a single “Invoke” method. All of the class's real methods are encrypted, and stored inside of a class which knows how to decrypt and return an instance of a class that contains the required method ( In Java, a method cannot exist on its own, it must exist inside of a Class) . A one-time-use classloader is used to actually create the instance of the class containing the method. 5. The decrypted method is invoked, and all references to the instance of the class containing the method lose scope (including the class loader that loaded the class), so that the instance is garbage collected, and no unencrypted versions of the code remain. III. Class Overview 1. ClassRipper is the class that a program wishing to use an encrypted class will use. This class will “rip” a Java .class file, and return an instance of an object which contains the same public interface ( note that this does not literally mean a Java interface, but in fact means the returned class will have all the same methods, variables, interfaces, and inherited class ) as the Class stored in the .class file. 2. ProxyCreator is the class which holds all the actual steps for generating a new encrypted Class from the original Class representation. I refer to the modified classes as proxies. 1. There are two slightly different proxy types that need to be created. The first is the Class whose instance will be returned to the user. This class contains none of the method information from the original class. It just has skeleton methods which forward all information to an “Invoke” method. 2. For every method that existed in the original class, a separate Class must be created to store said method. This is the second type of proxy. This proxy actually contains a method from the original class in it for execution. In addition to containing a real method, however, it must also contain skeleton methods just like the first type of proxy. This is because the method that this proxy contains may reference another method inside the original class. 3. ClassServer is essentially a wrapper around a Hashtable. ClassServer accepts a method name, and returns the correct Class wrapped method for a proxy to use. ClassServer uses the method name as a key into the Hashtable, decrypts the Class that is returned to it, and then instantiates an instance of that Class to return to the proxy. 2 4. DisposableClassLoader is a ClassLoader which is to be used with only one class. ClassServer uses this class to instantiate the Class returned to it from the Hashtable. This is because for the class definition to be garbage collected, the ClassLoader that loaded it must be dereferenced as well. 5. The Crypto class provides the methods to encrypt and decrypt. It also handles the generation of the secret key. Its encryption implementation is a symmetrical cipher. 6. ByteEncrypt extends Crypto and is used specifically to handle the encryption of bytes. This class is used by ClassRipper to encrypt the individual class wrapped methods which are inserted into the Hashtable. IV. Javassisti 1. As mentioned earlier, Javassist allows for the manipulation of bytecode, and the run-time creation of classes. Before modifying a class with Javassist, the class must be loaded into one of Javassist's own class types. Most of the Javassist code is in the ProxyCreator class. This project loads the class from a .class file from the filesystem. This is loaded into a CtClass, which is a Javassist representation of a Class. CtMethod is Javassist's representation of a Java Method. 2. CtClass allows for the direct manipulation of all of a Class's internal members. CtMethods can be created, added to a CtClass, removed from a CtClass, and modified. CtFields are representations of Java Fields, and can be modified similarly to CtMethods. V. Usage 1. To create an encrypted class, the first thing one must do is to instantiate an instance of ClassRipper. 2. Call the method Object ClassRipper.StartRip( String location ). The parameter points to the .class file of the Class which should be encrypted. The returned object is an instance of an encrypted version of the class. If the Class to be encrypted needs to have arguments passed to its constructor, then use Object ClassRipper.StartRip( String location, Object[] args ) instead, and pass an Object array holding the constructor arguments along with the .class file location. VI. Limitations 1. One major limitation placed on a Class which wants to be encrypted is that the constructor may not reference another method in the class. This is because of the order in which the 3 constructor is called, and the ClassServer which contains the encrypted methods is passed to the proxy. When the encrypted version of the class is created at runtime, one of the methods added to it is called “_setClassServer” and its meant to accept the ClassServer so that the proxy can retrieve its methods. This method must by definition be called after the constructor, which means that if the constructor references another method in the class, the proxy won't have its ClassServer yet so it cannot retrieve the method and an exception will be thrown. 2. Encrypted classes are not threadsafe. This is because there is a mechanism to send and retrieve class variables each time a method is called, and this portion has not been synchronized (although it probably wouldn't be hard to do). VII. Java Limitations 1. There are certain limitations in Java which have made the project harder to implement. One of the biggest limitations is that once a Class has been loaded by a Java ClassLoader, it cannot be replaced, or removed individually. To get rid of a Class, the entire ClassLoader must be garbage collected. 2. Methods must be wrapped inside of a Class, they cannot exist on their own. 3. Once a Class has been loaded into Java, it cannot be modified (there actually is a way to allow this, but it can only be done by running Java in debug mode). 4. Unless the class being encrypted belongs to an interface, the only way to access the methods of the encrypted class is through reflection (unless you cast the object as its superclass). This is because the actual class isn't created until run-time. 5. In Java, its very difficult to remove all traces of something from memory. This is because garbage collection is nondeterministic. Its impossible to know when it will happen, and it's impossible to force it to happen. This means that unencrypted versions of methods can be floating in memory for some time before being removed, thus reducing the
Load more

Recommended publications
  • Advanced-Java.Pdf
    Advanced java i Advanced java Advanced java ii Contents 1 How to create and destroy objects 1 1.1 Introduction......................................................1 1.2 Instance Construction.................................................1 1.2.1 Implicit (Generated) Constructor.......................................1 1.2.2 Constructors without Arguments.......................................1 1.2.3 Constructors with Arguments........................................2 1.2.4 Initialization Blocks.............................................2 1.2.5 Construction guarantee............................................3 1.2.6 Visibility...................................................4 1.2.7 Garbage collection..............................................4 1.2.8 Finalizers...................................................5 1.3 Static initialization..................................................5 1.4 Construction Patterns.................................................5 1.4.1 Singleton...................................................6 1.4.2 Utility/Helper Class.............................................7 1.4.3 Factory....................................................7 1.4.4 Dependency Injection............................................8 1.5 Download the Source Code..............................................9 1.6 What’s next......................................................9 2 Using methods common to all objects 10 2.1 Introduction...................................................... 10 2.2 Methods equals and hashCode...........................................
    [Show full text]
  • Plugin Tapestry ​
    PlugIn Tapestry ​ Autor @picodotdev https://picodotdev.github.io/blog-bitix/ 2019 1.4.2 5.4 A tod@s l@s programador@s que en su trabajo no pueden usar el framework, librería o lenguaje que quisieran. Y a las que se divierten programando y aprendiendo hasta altas horas de la madrugada. Non gogoa, han zangoa Hecho con un esfuerzo en tiempo considerable con una buena cantidad de software libre y más ilusión en una región llamada Euskadi. PlugIn Tapestry: Desarrollo de aplicaciones y páginas web con Apache Tapestry @picodotdev 2014 - 2019 2 Prefacio Empecé El blog de pico.dev y unos años más tarde Blog Bitix con el objetivo de poder aprender y compartir el conocimiento de muchas cosas que me interesaban desde la programación y el software libre hasta análisis de los productos tecnológicos que caen en mis manos. Las del ámbito de la programación creo que usándolas pueden resolver en muchos casos los problemas típicos de las aplicaciones web y que encuentro en el día a día en mi trabajo como desarrollador. Sin embargo, por distintas circunstancias ya sean propias del cliente, la empresa o las personas es habitual que solo me sirvan meramente como satisfacción de adquirir conocimientos. Hasta el día de hoy una de ellas es el tema del que trata este libro, Apache Tapestry. Para escribir en el blog solo dependo de mí y de ninguna otra circunstancia salvo mi tiempo personal, es com- pletamente mío con lo que puedo hacer lo que quiera con él y no tengo ninguna limitación para escribir y usar cualquier herramienta, aunque en un principio solo sea para hacer un ejemplo muy sencillo, en el momento que llegue la oportunidad quizá me sirva para aplicarlo a un proyecto real.
    [Show full text]
  • An Easy-To-Use Toolkit for Efficient Java Bytecode Translators
    An Easy-to-Use Toolkit for Efficient Java Bytecode Translators Shigeru Chiba Muga Nishizawa Dept. of Mathematical and Computing Sciences Tokyo Institute of Technology Email: {chiba,muga}@csg.is.titech.ac.jp Abstract. This paper presents our toolkit for developing a Java-bytecode translator. Bytecode translation is getting important in various domains such as generative programming and aspect-oriented programming. To help the users easily develop a translator, the design of our toolkit is based on the reflective architecture. However, the previous implementa- tions of this architecture involved serious runtime penalties. To address this problem, our toolkit uses a custom compiler so that the runtime penalties are minimized. Since the previous version of our toolkit named Javassist has been presented in another paper, this paper focuses on this new compiler support for performance improvement. This feature was not included in the previous version. 1 Introduction Since program translators are key components of generative programming [5], a number of translator toolkits have been developed. For the Java language, some toolkits like EPP [9] and OpenJava [18] allow developers to manipulate a parse tree or an abstract syntax tree for source-level translation. Other toolkits, such as BCEL [6], JMangler [13], and DataScript [1], allow manipulating a class file, which is a compiled binary, for bytecode-level translation. The ease of use and the power of expressiveness are design goals of these toolkits. The latter goal means what kinds of translation are enabled. The former goal is often sacrificed for the latter one. The bytecode-level translation has two advantages against the source-level translation.
    [Show full text]
  • Aspect-Oriented Programming
    Beyond OOP Advanced Separation of Concerns Metaprogramming Reflection Aspect-Oriented Programming Eric Tanter DCC/CWR University of Chile [email protected] Éric Tanter – U.Chile [june | 2005] 1 Contents ● A brief history of programming ● Advanced modularization problems ● Reflection and metaprogramming ● Aspect-oriented programming Éric Tanter – U.Chile [june | 2005] 2 Part I A Quick History of Programming Adapted from Brian Hayes, “The Post-OOP Paradigm”, American Scientist, 91(2), March-April 2003, pp. 106-110 Éric Tanter – U.Chile [june | 2005] 3 Software? ● Real challenge: building the machine ● Software was not important as such ● First programs (40's) ● Written in pure binary: 0s and 1s ● Explicit memory address management Éric Tanter – U.Chile [june | 2005] 4 Then came the assembly... ● Assembly language ● No more raw binary codes ● Symbols: load, store, add, sub ● Converted to a binary program by an assembler ● Calculates memory addresses ● First program to help programming Éric Tanter – U.Chile [june | 2005] 5 ...and then, compilers ● Assembly required knowledge of the specific computer instruction set ● Higher-level languages (e.g. Fortran) ● Think in terms of variables/equations ● Not registers/addresses ● 60's: big projects = late/costly/buggy Éric Tanter – U.Chile [june | 2005] 6 Structured Programming ● Manifesto by Edsger W. Dijkstra: “Go to statement considered harmful” [1968] ● Build programs out of sub-units ● Single entrance point, single exit ● 3 constructs: ● Sequencing, alternation, and iteration ● Proof that
    [Show full text]
  • Middleware Architecture with Patterns and Frameworks
    Middleware Architecture with Patterns and Frameworks Sacha Krakowiak Distributed under a Creative Commons license http://creativecommons.org/licenses/by-nc-nd/3.0/ February 27, 2009 Contents Preface ix References........................................ x 1 An Introduction to Middleware 1-1 1.1 Motivation for Middleware . 1-1 1.2 CategoriesofMiddleware . 1-6 1.3 A Simple Instance of Middleware: Remote Procedure Call . ......... 1-7 1.3.1 Motivations and Requirements . 1-8 1.3.2 Implementation Principles . 1-9 1.3.3 Developing Applications with RPC . 1-11 1.3.4 SummaryandConclusions. .1-13 1.4 Issues and Challenges in Middleware Design . 1-14 1.4.1 DesignIssues ...............................1-14 1.4.2 Architectural Guidelines . 1-15 1.4.3 Challenges ................................1-17 1.5 HistoricalNote .................................. 1-18 References........................................1-19 2 Middleware Principles and Basic Patterns 2-1 2.1 ServicesandInterfaces . 2-1 2.1.1 Basic Interaction Mechanisms . 2-2 2.1.2 Interfaces ................................. 2-3 2.1.3 Contracts and Interface Conformance . 2-5 2.2 ArchitecturalPatterns . 2-9 2.2.1 Multilevel Architectures . 2-9 2.2.2 DistributedObjects . .. .. .. .. .. .. .. .2-12 2.3 Patterns for Distributed Object Middleware . 2-15 2.3.1 Proxy ...................................2-15 2.3.2 Factory ..................................2-16 2.3.3 Adapter..................................2-18 2.3.4 Interceptor ................................2-19 2.3.5 Comparing and Combining Patterns . 2-20 2.4 Achieving Adaptability and Separation of Concerns . ..........2-21 2.4.1 Meta-ObjectProtocols. 2-21 2.4.2 Aspect-Oriented Programming . 2-23 ii CONTENTS 2.4.3 PragmaticApproaches. .2-25 2.4.4 ComparingApproaches .
    [Show full text]
  • Polymorphic Bytecode Instrumentation
    SOFTWARE: PRACTICE AND EXPERIENCE Softw. Pract. Exper. 2016; 46:1351–1380 Published online 18 December 2015 in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/spe.2385 Polymorphic bytecode instrumentation Walter Binder1,*,†, Philippe Moret1, Éric Tanter2 and Danilo Ansaloni1 1Faculty of Informatics, Università della Svizzera Italiana (USI), Lugano, Switzerland 2PLEIAD Lab, Computer Science Department (DCC), University of Chile, Santiago, Chile SUMMARY Bytecode instrumentation is a widely used technique to implement aspect weaving and dynamic analyses in virtual machines such as the Java virtual machine. Aspect weavers and other instrumentations are usu- ally developed independently and combining them often requires significant engineering effort, if at all possible. In this article, we present polymorphic bytecode instrumentation (PBI), a simple but effective tech- nique that allows dynamic dispatch amongst several, possibly independent instrumentations. PBI enables complete bytecode coverage, that is, any method with a bytecode representation can be instrumented. We illustrate further benefits of PBI with three case studies. First, we describe how PBI can be used to imple- ment a comprehensive profiler of inter-procedural and intra-procedural control flow. Second, we provide an implementation of execution levels for AspectJ, which avoids infinite regression and unwanted interference between aspects. Third, we present a framework for adaptive dynamic analysis, where the analysis to be performed can be changed at runtime by the user. We assess the overhead introduced by PBI and provide thorough performance evaluations of PBI in all three case studies. We show that pure Java profilers like JP2 can, thanks to PBI, produce accurate execution profiles by covering all code, including the core Java libraries.
    [Show full text]
  • University of South Wales Abbey Bookbinding Unit 3, Gabalfa Workshops Oat Menter Excelsior Ind
    University of South Wales Abbey Bookbinding Unit 3, Gabalfa Workshops Oat Menter Excelsior Ind. Estate 2059469 CardiffCFI43AY Tel:+44 (0)29 2062 3290 Fax:+44 (0)29 20625420 E: [email protected] www.abbeybookbinding.co.uk A Domain-Specific Aspect Language Approach to Distributed Systems Development Paul Soule Department of Computing and Mathematical Sciences University of Glamorgan A submission presented in partial fulfilment of the requirements of the University of Glamorgan/Prifysgol Morgannwg for the degree of Doctor of Philosophy August 2008 Abstract Distributed applications are difficult to write. Programmers need to adhere to specific distributed systems programming conventions and frameworks, which makes distributed systems development complex and error prone and ties the resultant application to the distributed system because the appli­ cation's code is tangled with the crosscutting concern distribution. Existing mainstream programming languages, such as Java, do not pro­ vide language support for distribution. Rather, programmers must rely on object-oriented distribution frameworks to provide distribution support. Although highly successful, the cost of using these frameworks is that the resultant code is tied to the framework. Object-oriented frameworks in gen­ eral, and distribution frameworks in particular, can therefore be considered crosscutting in nature because the framework's code, either via inheritance or containment, is scattered throughout the application's code thereby tying the application to the framework. This is a particular concern in distributed systems development because dis­ tribution frameworks impose a large code overhead due to the requirements distributed systems impose, such as the need to catch distribution-specific exceptions, locating and binding to distributed objects, locating another server in the event the current server becomes unavailable, and adhering to programming conventions dictated by the framework, such as implementing framework specific interfaces.
    [Show full text]
  • Secure Method Calls by Instrumenting Bytecode with Aspects
    Secure Method Calls by Instrumenting Bytecode with Aspects Xiaofeng Yang and Mohammad Zulkernine School of Computing, Queen’s University Kingston, Ontario, Canada, K7L 3N6 {yang,mzulker}@cs.queensu.ca Abstract. Today most mobile devices embed Java runtime environ- ment for Java programs. Java applications running on mobile devices are mainly MIDP (Mobile Information Device Profile) applications. They can be downloaded from the Internet and installed directly on the device. Although the virtual machine performs type-safety checking or verifies bytecode with signed certificates from third-party, the program still has the possibility of containing risky code. Inappropriate use of sensitive method calls may cause loss of personal assets on mobile devices. More- over, source code is not accessible for most installed applications, making it difficult to analyze the behavior at source-code level. To better protect the device from malicious code, we propose an approach of bytecode in- strumentation with aspects at bytecode level. The instrumentation pin- points the location of statements within methods, rather than at the interface of method calls. The aspects are woven around the statement for tracking. The weaving is performed at bytecode level without requir- ing source code of the program. Keywords: Bytecode instrumentation, aspects, code security. 1 Introduction Mobile technology is very popular nowadays. More and more applications are running on mobile devices such as cellphones and PDAs, etc. Mobile code can easily migrate from one site to another, and even to a personal cellphone. Java applications are popularly running on mobile devices that embed Java Runtime Environments. User’s information may be at risk as they are not usually aware of the programs they are running on their devices, for example, the unauthorized SMS (Short Message Service) sending programs [1] can be executed without any authorization of a user.
    [Show full text]
  • Code Instrumentation with Mod-BEAM
    1 Computer Science Code instrumentation with Mod-BEAM Roman Rinke Armando Wiedijk MSc. Thesis July 18, 2019 Supervisors: dr. A. Fehnker prof.dr.ir. M. Aksit External Supervisor: prof.dr. C. Bockisch Formal Methods and Tools Faculty of Electrical Engineering, Faculty of Mathematics Mathematics and Computer Science and Computer Science University of Twente Philipps University of Marburg P.O. Box 217 35037 Marburg 7500 AE Enschede Germany The Netherlands Abstract There are various methods and techniques for a developer to keep their code read- able and reusable. Design patterns have become important in modern development in order to realise this. There exists code, however, that you would not want in pro- duction. An example of this would be code that is generated by instrumentation tools. Tools might want to generate code to help create performance benchmarks, or to analyse the code-coverage of your test-cases. ”Code instrumentation” is a term commonly used to describe the task of adding such generated code. What we focus on in this thesis is code-instrumentation for Java projects. When a Java file is compiled, the compiler outputs a .class file with the low-level instructions that the Java Virtual Machine can execute. Java code instrumentation can be performed on the actual source-code (before compiling) or on the bytecode itself (after compiling). Multiple frameworks that allow for Java bytecode instrumen- tation. Some of these frameworks are a bit dated, but they all share the common interest to allow for easy, fast and maintainable bytecode manipulation. From the hypothesis that existing tools that make use of bytecode instrumenta- tion have potential overlap, the tool ”Mod-BEAM” is introduced.
    [Show full text]
  • Slides Revision: 20190923-Ea7c311
    Will it blend? Java agents and OSGi Slides revision: 20190923-ea7c311 1 Welcome 2 About me 3 Outline Quick demo Java agents primer Usage scenarios OSGi integration Integration testing Testing demo 4 Quick demo 5 Java agents primer 6 Java instrumentation APIs Provides services that allow Java programming language agents to instrument programs running on the JVM. java.lang.instrument Javadoc, Java SE 8 7 Static agents # loaded at application startup $ java -javaagent:agent.jar -jar app.jar Premain-Class: org.example.my.Agent import java.lang.instrument.*; public class Agent { public static void premain(String args,⏎ Instrumentation inst) { inst.addTransformer(new ClassFileTransformer() { /* implementation elided */ }); } } 8 Dynamic agents // dynamically attached to a running JVM VirtualMachine vm = VirtualMachine.attach(vmPid); vm.loadAgent(agentFilePath); vm.detach(); Agent-Class: org.example.my.Agent import java.lang.instrument.*; public class Agent { public static void agentmain(String args,⏎ Instrumentation inst) { inst.addTransformer(new ClassFileTransformer() { /* implementation elided */ }); } } 9 Class transformation public interface ClassFileTransformer { byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException; } 10 Java bytecode public static void main(java.lang.String[]); Code: 0: getstatic #16⏎ // Field java/lang/System.out:Ljava/io/PrintStream; 3: ldc #22⏎ // String Hello, world 5: invokevirtual #24⏎ //
    [Show full text]
  • Runtime Code Generation for Interpreted Domain-Specific Modeling Languages
    Proceedings of the 2018 Winter Simulation Conference M. Rabe, A. A. Juan, N. Mustafee, A. Skoogh, S. Jain, and B. Johansson, eds. RUNTIME CODE GENERATION FOR INTERPRETED DOMAIN-SPECIFIC MODELING LANGUAGES Tom Meyer Tobias Helms Tom Warnke Adelinde M. Uhrmacher Institute of Computer Science University of Rostock Albert-Einstein-Straße 22 18059 Rostock, GERMANY ABSTRACT Domain-specific modeling languages (DSMLs) facilitate concise and succinct model descriptions. DSMLs are commonly realized by defining a custom grammar and executing models in an interpreter. This provides flexibility in language design as well as in the implementation of simulation algorithms. However, this type of implementation can lead to a negative impact on simulation performance in comparison to implementing models in general-purpose programming languages (GPL). To mitigate this problem, we propose using runtime code generation. This allows us to replace specific parts of a model at runtime by compiling generated GPL source code. In this paper, we demonstrate the potential benefit of this concept based on ML-Rules, a DSML for modeling and simulating biochemical reaction networks. Using code generation for arithmetic expressions in ML-Rules’ reaction rate functions, we were able to decrease the runtime by up to 40% in complex application scenarios. 1 INTRODUCTION The development of a novel modeling method typically includes a software implementation of the method. One successful approach is to define domain-specific modeling languages (DSMLs) tailored to a specific application domain (Miller et al. 2010). Carefully designed DSMLs are powerful tools and enable modelers to efficiently develop succinct and accessible implementations of complex models. Especially in comparison to general-purpose programming languages (GPLs), using DSMLs results in more readable and compact model definitions.
    [Show full text]
  • Type-Safe Java Bytecode Modification Library Based on Javassist
    TALLINN UNIVERSITY OF TECHNOLOGY Faculty of Information Technology Institute of Computer Science Chair of Theoretical Informatics Type-safe Java bytecode modification library based on Javassist Bachelor thesis Student: Sven Laanela Student code: IAPB020471 Advisor: Pavel Grigorenko Tallinn 2015 I declare that this thesis is the result of my own research except as cited in the references. The thesis has not been accepted for any degree and is not concurrently submitted in candidature of any other degree. Signature Name Sven Laanela Date May 26, 2015 Abstract Dynamic (runtime) Java bytecode modification enables various fra- meworks to greatly enhance Java programs. They can provide logging, caching, dependency injection, object-relational mapping, etc. with- out cluttering the application source code, or even when the source code is not available. Existing Java bytecode modification libraries do not provide compile-time type safety or IDE-assisted code completion capabilities with regard to the class under modification. This thesis researches a problem of type-safe Java bytecode modification, build- ing on top of Javassist { a Java bytecode modification library { and taking into consideration the most common Java bytecode modifica- tion use-cases. Scenarios implemented in Javassist are described and an alternative approach that implements those scenarios in a type-safe manner is proposed. An implementation library is presented as proof of concept for the proposed approach to Java bytecode modification. An analysis of the applicability of the approach is provided, outlining both the benefits and trade-offs when compared to Javassist. Annotatsioon D¨unaamiline(s.t. rakenduse t¨o¨otamiseaegne) Java baitkoodi muut- mine v~oimaldaboluliselt t¨aiendadaJava rakendusi ilma l¨ahtekoodi ris- ustamata.
    [Show full text]